Hi all,

The following is blocking the ability for me to install a CA replica.

Environment:
RHEL 6.6
IPA 3.0.0-42
PKI 9.0.3-38

On the master the following is happening:

ipa-getcert list
Number of certificates and requests being tracked: 5.

(but it shows no certificate details in the output)

Running "getcert list" shows complete output.

Also, when trying to browse https://master.mydomain.com/ca/ee/ca/getCertChain i 
get a failed response. The apache error logs on the master show....

[Thu Feb 19 23:23:23 2015] [error] SSL Library Error: -12271 SSL client cannot 
verify your certificate

The reason I am trying to browse that address is because that's what the 
ipa-ca-install setup is failing at (it complains that the CA certificate is not 
in proper format, in fact it's not able to get it at all).

I know from another working ipa setup that ....

Browsing to the above address provides valid xml content and ipa-getcert list 
shows certificate details and not just the number of tracked certificates.

Been trying for a long time to figure out the issues without luck.

I would greatly appreciate any help to troubleshoot and resolve the above 
issues.

Regards,

Les


-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go To http://freeipa.org for more info on the project

Reply via email to